An Internet of Medical Things Cyber Security Assessment Model (IoMT-CySAM)

Abstract

Backgrounds E-health systems and particularly those based on connected medical devices, commonly known as Internet of Medical Things (IoMT) paradigm, are among the trends these days. As a transformative technology in the healthcare domain, it mainly enables real-time monitoring and seamless data exchange. However, given their complexity of architecture, their ubiquitous nature, and their resource limitations, ensuring the privacy and protecting user's data in such systems remains issue of concern. New security risks within Internet of Things (IoT)/IoMT-based e-health applications have emerged. Methods The current research work relies on an in-depth study of IoMT architectures addressing their technical foundations as well as their associated security considerations. From a security standpoint, common vulnerabilities, threats, and associated risks are identified, and state-of-the-art mitigation strategies, mainly standard risk management frameworks, are evaluated. A comparative analysis was conducted on existing solutions, discussing their suitability in addressing the identified concerns. Results The conducted study reveals that, in general contexts, applying and conducting risk management processes are not easy tasks (seem to be confusing and prone to errors), especially within heterogeneous and complex systems such as IoMT applications. There is a strong need for automatic solutions to simplify the complexity of the application of different models and processes. Automation and tools are considered among important factors to ensure the success of any proposal. We present, in this manuscript, our framework designed to handle this issue and introduce our system called IoMT-CySAM (Internet of Medical Things - Cyber Security Assessment Model), a main part of our research work in this context. IoMT-CySAM allows evaluating trustworthiness and managing cyber risks within IoMT environments. Conclusions As the deployment of IoMT systems faces critical security and privacy challenges, automated risk management solutions are highly required to handle the issues. The IoMT-CySAM, as a context-aware and adaptive solution, is defined to help with trustworthiness evaluation and security risk management within IoMT environments. Moving forward, research should prioritize automated reliable solutions that ensure both effective protection and operational efficiency.